The Hacker News — Cyber Security, Hacking, Technology News

It's been over a month since the WannaCry ransomware caused chaos worldwide and people have started counting its name as 'the things of past,' but…

...WannaCry is not DEAD!

The self-spreading ransomware is still alive and is working absolutely fine.

The latest victims of WannaCry are Honda Motor Company and 55 speed and traffic light cameras in Australia.

The WannaCry ransomware shuts down hospitals, telecom providers, and many businesses worldwide, infecting over 300,000 Windows systems running SMBv1 in more than 150 countries within just 72 hours on 12th of May.

The worm was leveraging an NSA's Windows SMB exploit, dubbed EternalBlue, leaked by the infamous hacking group Shadow Brokers in its April data dump, along with other Windows exploits.

Honda Stops Production After WannaCry Hits its Computer

Honda Motor Company released a statement this week, saying the company was forced to halt its production for more than 24 hours at in one of its Japan-based factories after finding the WannaCry infections in its computer networks.

The automaker halted production of more than 1,000 at its Sayama plant, northwest of Tokyo, on Monday 19th June after it discovered that the ransomware had affected networks across Japan, North America, Europe, China, and other regions despite its efforts to secure systems in mid-May, according to a Wednesday report from Reuters.

While Honda did not say how WannaCry got into their networks 37 days after a researcher activated the kill switch, it's clear that the computers inside the Honda network were running unsupported versions of Windows OS or it did not install a highly critical patch released by Microsoft in March.

Renault and Nissan were also infected by the WannaCry ransomware last month, which also forced them to temporarily stop their production at plants in Britain, India, Japan, France, and Romania.

WannaCry Hits 55 Traffic-Light and Speed Cameras in Australia

Another recent WannaCry victim was spotted in Australia when the Victoria Police confirmed that the ransomware infected a total of 55 red light cameras and speed cameras in Victoria via private camera operator Redflex.

The malware locked down critical files and demanded a ransom in return (WannaCry usually demands $300 to unlock files), according to the 3AW morning radio show.

"A system patch has been applied, which prevents the spread of the virus," the officials told the show. "The Department is in the process of removing the [WannaCry] virus from the affected cameras. The remaining websites will be rectified in the next couple of days."

The authorities believed the infection was the result of a targeted cyber attack, rather than 'human error,' likely on the part of a camera technician, and that WannaCry got onboard via a USB drive.

"Our advice at this stage is that a software virus has been detected however the camera system has not been compromised," the police said. "We will look into all incidents detected by the speed and red light cameras during the time in question as a matter of course. The integrity of the camera system has not been affected."

Well, it is quite surprising that even after knowing about the WannaCry issue for quite a decent amount of time, big companies have not yet implemented proper security measures to defend against the threat.

Ransomware has become an albatross around everyone's neck. Recently, a South Korean web hosting provider confirmed that the company had paid a record $1 Million ransom to hackers in return of its data following a ransomware attack over the weekend.

Hacking Internet of Things (IoTs) have become an amazing practice for cyber criminals out there, but messing with Traffic lights would be something more crazy for them.

The hacking scenes in hollywood movies has just been a source of entertainment for the technology industry, like we've seen traffic lights hacked in Die Hard and The Italian Job, but these movies always inspire hackers to perform similar hacking attacks in day-to-day life.

Security researchers at the University of Michigan have not only hacked traffic light signals in real life, but also claimed that it’s actually shockingly easy to perform by anyone with a laptop and the right kind of radio. If we compare the traffic light hacks in movies and real life, the reality is much easier.

In a paper study published this month, the security researchers describe how a series of major security vulnerabilities in traffic light systems allowed them to very easily and very quickly seized control of the whole system of at least 100 traffic signals in an unnamed Michigan city from a single point of access.

Researchers took permission from a local road agency before performing the hack, but they did not disclose exactly where in Michigan they did their research.

‟Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” the paper explained.

SECURITY HOLES IN TRAFFIC LIGHT SYSTEMS

The team, led by University of Michigan computer scientist J. Alex Halderman, said that the networked traffic systems are left vulnerable to three major weaknesses:

unencrypted radio signals,

the use of factory-default usernames and passwords, and

a debugging port that is easy to attack

This left the network accessible to everyone from cyber criminals to young hackers.

“The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness,” the researchers report in a paper.

In an effort to save on installation costs and increase flexibility, the traffic light system makes use of wireless radio signals rather than dedicated physical networking links for its communication infrastructure - this hole was exploited by the researchers. Surprisingly, more than 40 states currently use such systems to keep traffic flowing as efficiently as possible.

“The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case,” the team said. “We investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. We leveraged these flaws to create attacks which gain control of the system, and we successfully demonstrate them on the deployment.”

WIRELESS SECURITY IN QUESTIONS

The Traffic light systems use a combination of 5.8GHz and 900MHz radio signals, depending on the conditions at each intersection, for wireless communication in point-to-point or point-to-multipoint configurations. The 900MHz links use "a proprietary protocol with frequency hopping spread-spectrum (FHSS)," but the 5.8GHz version of the proprietary protocol isn't terribly different from 802.11n.

The researchers says that anyone with a laptop and a wireless card operating on the same frequency as the wirelessly networked traffic light — in this case, 5.8 gigahertz — could access the entire unencrypted network.

DEBUG PORT

Now, after gaining access, next was to communicate with one of the controllers in their target network. This was done very easily due to the fact that this system’s the control boxes run VxWorks 5.5, a version which by default gets built from source with a debug port left accessible for testing.

“By sniffing packets sent between the controller and this program, we discovered that communication to the controller is not encrypted, requires no authentication, and is replayable. Using this information, we were then able to reverse engineer parts of the communication structure,” the paper reads.

“Various command packets only differ in the last byte, allowing an attacker to easily determine remaining commands once one has been discovered. We created a program that allows a user to activate any button on the controller and then displays the results to the user. We also created a library of commands which enable scriptable attacks. We tested this code in the field and were able to access the controller remotely.”

This debug port allowed researchers to successfully turned all lights red or alter the timing of neighboring intersections — for example, to make sure someone hit all green lights on a given route.

More worrying part is the ability of a cyber criminal to perform denial-of-service (DoS) attack on controlled intersections by triggering each intersection’s malfunction management unit by attempting invalid configurations, which would put the lights into a failure mode.

SOLUTION TO PROBLEM

At last, the team called for manufacturers and operators to improve the security of traffic infrastructure. It recommended that the traffic-system administrators should not use default usernames and passwords, as well as they should stop broadcasting communications unencrypted for “casual observers and curious teenagers” to see.

"While traffic control systems may be built to fail into a safe state, we have shown that they are not safe from attacks by a determined adversary," the paper concluded.

Moreover, they also warned that devices like voting machines and even connected cars could suffer similar attacks.